Metro Bank has become the first relevant financial institution to disclose SS7 attacks against its customers, although this could be more common than expected
A new variant of cyberattack has been used
against the British financial institution Metro Bank. According to network
security and ethical hacking specialists from the International
Institute of Cyber Security, a group of hackers has been exploiting
vulnerabilities in the SS7 signaling
protocol to intercept the text messages that the bank sends its customers
to authorize different transactions.
The Signaling System 7 (SS7) is a set of
protocols that allows connections between two mobile networks, mention experts
in network security. The information circulating between the two networks is
necessary to route calls and text messages between multiple networks. Experts
theorize that attackers exploited a known vulnerability in the SS7 protocol to
bypass multi-factor
authentication used in Metro Bank systems.
“Before, only intelligence agencies or government
contractors had the required tools to carry out this kind of intrusions; however,
we have been able to confirm that groups of cybercriminals also have at their
reach this kind of tools and are using them to empty bank accounts”, it is read
in the announcement of Metro Bank.
Although the organization mentions that this was an isolated fact,
network security specialists believe that SS7 attacks on banking institutions
could be much more frequent than we thought.
“At Metro Bank we take the security of our
customers very seriously. We will collaborate with the telecommunications
companies and the responsible authorities, and we also reaffirm that the
relevant security measures are already being implemented”, said the bank
spokesman.
The banking institution confirmed that “only a
small number of customers” were affected by the incident. “We ask our customers
to stay alert and report any anomalous activity in their accounts,” adds the
bank statement. Metro Bank immediately notified the competent authorities; so
far it is the only banking institution that has reported an attack of this
kind.
“We are aware of the exploitation of this
vulnerability in SS7 to intercept text messages used as multi-factor
authentication,” confirmed the spokesman of the United Kingdom National Cyber Security Center (UK
NCSC).
Karsten Nohl, a cybersecurity specialist, has
conducted multiple investigations into the vulnerabilities that affect the SS7
protocol and states that there are many banks that have suffered this kind of
attack: “The confirmation codes on these text messages could be available to
anyone”.
Security specialists believe that behind these
attacks there is a group of cybercriminals with advanced knowledge and multiple
tools at their reach. “This group of
hackers could have gained access from legitimate vendors, or be leveraging that
access, making SS7 requests seem a little more legitimate,” Nohl mentioned.
